CVE-2022-50852 in Linux
Summary
by MITRE • 12/30/2025
In the Linux kernel, the following vulnerability has been resolved:
wifi: mt76: mt7921: fix use after free in mt7921_acpi_read()
Don't dereference "sar_root" after it has been freed.
Analysis
by VulDB Data Team • 04/26/2026
The vulnerability identified as CVE-2022-50852 resides in the Linux kernel's wireless subsystem, in the mt76 driver family used for MediaTek wireless network adapters. It affects the mt7921 wireless chipsets, which are commonly found in various networking devices and laptops. The flaw stems from improper memory management in the driver's ACPI (Advanced Configuration and Power Interface) reading functionality, which creates a use-after-free condition that can be exploited to compromise system integrity.
The flaw occurs in the mt7921_acpi_read() function, where the driver dereferences a pointer named "sar_root" after the memory it points to has already been freed. This use-after-free condition is a classic memory safety vulnerability that potentially allows attackers to execute arbitrary code or cause system crashes. The driver fails to track the lifecycle of an allocated memory structure, specifically sar_root, which contains critical wireless configuration data. This type of vulnerability is categorized under CWE-416, "Use After Free", and is a significant concern for kernel-level security because it can be leveraged to escalate privileges or gain unauthorized access to system resources.
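The ordering problem described above, as an added userspace example that is not the kernel driver's code: `struct sar_pkg`, `query_pkg()` and both `read_table_*` functions are hypothetical names, and placing the stale read in the return expression is an assumption made for illustration. The fixed variant captures the result while the buffer is still live and frees it once afterwards.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical stand-in for a firmware-returned package (not a kernel type). */
struct sar_pkg { uint32_t count; uint8_t elems[8]; };

/* Constructed sample source: heap-allocates a package with `count` entries. */
static struct sar_pkg *query_pkg(uint32_t count)
{
    struct sar_pkg *p;
    if (count > 8 || !(p = calloc(1, sizeof(*p))))
        return NULL;
    p->count = count;
    for (uint32_t i = 0; i < count; i++)
        p->elems[i] = (uint8_t)(i + 1);
    return p;
}

#ifdef SHOW_BUGGY  /* kept out of the default build: undefined behaviour */
static int read_table_buggy(uint32_t count, uint8_t *tbl, uint32_t cap)
{
    struct sar_pkg *root = query_pkg(count);
    uint32_t i;
    if (!root)
        return -1;
    for (i = 0; i < root->count && i < cap; i++)
        tbl[i] = root->elems[i];
    free(root);
    return (i == root->count) ? 0 : -1;  /* reads root after free */
}
#endif

/* Fixed ordering: the last read of root happens before the single free(). */
static int read_table_fixed(uint32_t count, uint8_t *tbl, uint32_t cap)
{
    struct sar_pkg *root = query_pkg(count);
    uint32_t i;
    int ret;
    if (!root)
        return -1;
    for (i = 0; i < root->count && i < cap; i++)
        tbl[i] = root->elems[i];
    ret = (i == root->count) ? 0 : -1;   /* result captured while root is live */
    free(root);
    return ret;
}

int main(void)
{
    uint8_t tbl[8];
    return read_table_fixed(4, tbl, sizeof(tbl));
}
```

Building with `-DSHOW_BUGGY -fsanitize=address` and calling `read_table_buggy()` makes AddressSanitizer report a heap-use-after-free at the return statement, which is how this class of bug is usually caught in testing.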
The operational impact of this vulnerability extends beyond simple system instability: the memory corruption is a potential attack vector for executing code with kernel-level privileges. An attacker who successfully triggers the condition may be able to manipulate the wireless driver's behavior, potentially gaining access to sensitive network configuration data or even compromising the entire system. The vulnerability affects devices running Linux kernels that incorporate the mt76 driver with mt7921 chipset support, making it relevant to a broad range of networking equipment including routers, laptops, and embedded devices. This type of kernel-level vulnerability aligns with ATT&CK technique T1068, "Exploitation for Privilege Escalation", and represents a critical threat to system security in environments where wireless connectivity is essential.
Mitigation for CVE-2022-50852 primarily involves applying the official kernel patches released by the Linux kernel development team, which address the improper memory management by ensuring that the sar_root pointer is not dereferenced after being freed. System administrators should prioritize updating to a kernel version that includes the fix, particularly in environments where wireless network security is paramount. Additional protective measures include implementing network segmentation to limit wireless access, monitoring for unusual network behavior that might indicate exploitation attempts, and maintaining regular security audits of wireless infrastructure. The fix typically involves adding proper null checks and ensuring that memory lifecycle management adheres to kernel coding standards, which prevents freed memory from being accessed again. Organizations should also consider implementing intrusion detection systems that can monitor for exploitation attempts targeting kernel vulnerabilities, as memory corruption issues of this type often manifest through specific patterns in system behavior that security monitoring tools can detect.